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Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

1. (Currently Amended) A computer-implemented method for limiting 
access to an electronic document, comprising: 

associating an id e ntifier to a classifier with a first state of a process-driven 
security policy having a plurality of states, with each of the states having a different set 
of access restrictions; 

making the identifi e r available to certain us e rs or groups of users; 

associating an identifier representing a user or a group of users with the first state 
of the process-driven security policy; 

associating the electronic document with at least one of the states the first state of 
the process-driven security policy to impose access restrictions on an electronic 
document , the access restrictions comprising encrypting at least a portion of the 
electronic document using a group key corresponding to the identifier and a state key 
corresponding to the classifier and requiring at least both the group key and the state kev 
to decrypt at least the portion of the electronic document : and 

changing the state of the process-driven security policy for the electronic 
document automatically without user or administrator interaction from the first state to a 
second state in response to an internal or external system event, wherein the changed 
state is based on a transition rule associated with the event. 



Atty. Dkt. No. 2222.5430000 



-3 - 



NATH et al 
Appl. No. 10/677,049 



Reply to Office Action of August 17, 2009 



2. 



(Currently Amended) The method as recited in claim 1, wherein the 



identifier is a classifi e r user ID or a group ID . 

3. (Previously Presented) The method as recited in claim 1, wherein the 
process-driven security policy is provided as part of a document security system. 

4. (Previously Presented) The method as recited in claim 1, wherein said 
method further comprises: 

creating the electronic document; and 

assigning the identifier to the created electronic document. 

5. (Currently Amended) The method as recited in claim 1, wherein the 
process-driven security policy is provided as part of a document security system, and 

wherein said method further comprises: 

creating a plurality of electronic documents; and 

assigning the identifier and the classifier to each of the created electronic 
documents associated with the first state . 

6. (Currently Amended) A computer-implemented method for imposing 
access restrictions on an electronic document, comprising: 

associating an electronic document with at least ene a first state of a plurality of 
states of a process-driven security policy, the first state associated with a classifier and 
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with an identifier representing a user or a group of users, each of the states having a 

different set of access restrictions;[[,]] 

to impos e imposing the set of access restrictions associated with the first state on 
the electronic document, the access restrictions b e ing dep e ndent on the at least on e of th e 
stat e s of the proc e ss driven s e curity policy comprising encrypting at least a portion of the 
electronic document using a group key corresponding to the identifier and a state key 
corresponding to the classifier and requiring at least both the group key and the state key 
to decrypt at least the portion of the electronic document ; and 

subs e quently changing the state of the process-driven security policy for the 
electronic document automatically without user or administrator interaction from the first 
state to a second state in response to an internal or external system event, wherein the 
changed state is based on a transition rule associated with the event. 

7. (Canceled) 

8. (Previously Presented) The method as recited in claim 6, wherein the 
event is a user-triggered event. 

9. (Previously Presented) The method as recited in claim 6, wherein the 
event occurs at or is received at the client machine. 

10. (Previously Presented) The method as recited in claim 6, wherein the 
electronic document includes security information, and the security information includes 
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at least an indication of the state of the process-driven security policy for the electronic 

document. 

1 1 . (Previously Presented) The method as recited in claim 6, wherein said 
method is performed on a plurality of documents on a document-by-document basis. 

12. (Previously Presented) The method as recited in claim 6, wherein at the 
client machine, each of a plurality of electronic documents is in one of the states of the 
process-driven security policy. 

13. (Currently Amended) A tangible computer-readable medium having 
stored thereon computer-executable instructions that, if executed by a computing device, 
cause the computing device to perform a method for imposing access restrictions on an 
electronic document, the method comprising: 

associating an electronic document with at least ene a first state of a plurality of 
states of a process-driven security policy, the first state associated with a classifier and 
with an identifier representing a user or a group of users, each of the states having a 
different set of access restrictions;[[,]] 

to impose imposing the set of access restrictions associated with the first state on 
the electronic document, the access restrictions b e ing d e pendent on tho at least on e of the 
states of the process driv e n s e curity policy comprising encrypting at least a portion of the 
electronic document using a group key corresponding to the identifier and a state key 
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corresponding to the classifier and requiring at least both the group key and the state key 

to decrypt at least the portion of the electronic document ; and 

changing the state of the process-driven security policy for the electronic 

document automatically without user or administrator interaction from the first state to a 

second state in response to an internal or external system event, wherein the changed 

state is based on a transition rule associated with the event. 

14. (Canceled) 

15. (Previously Presented) The computer-readable medium as recited in claim 
13, wherein the event is a user-triggered event. 

16. (Previously Presented) The computer-readable medium as recited in claim 
13, wherein the event occurs at or is received at the client machine. 

17. (Previously Presented) The computer-readable medium as recited in claim 
13, wherein the electronic document includes security information, and the security 
information includes at least an indication of the state of the process-driven security 
policy for the electronic document. 

18. (Previously Presented) The computer-readable medium as recited in claim 
13, wherein the process-driven security policy is imposed on a plurality of documents on 
a document-by-document basis. 
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19. (Previously Presented) The computer-readable medium as recited in claim 
13, wherein at the client machine, each of a plurality of electronic documents is in one of 
the states of the process-driven security policy. 

20. (Canceled) 

21. (Previously Presented) The method as recited in claim 1, wherein the 
event occurs at or is received at a client machine. 

22. (Previously Presented) The method as recited in claim 1, wherein the 
event is a user-triggered event. 
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